/usr/share/perl5/Parse/Win32Registry/WinNT/Security.pm is in libparse-win32registry-perl 1.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 | package Parse::Win32Registry::WinNT::Security;
use strict;
use warnings;
use base qw(Parse::Win32Registry::Entry);
use Carp;
use Parse::Win32Registry::Base qw(:all);
use constant SK_HEADER_LENGTH => 0x18;
use constant OFFSET_TO_FIRST_HBIN => 0x1000;
sub new {
my $class = shift;
my $regfile = shift;
my $offset = shift; # offset to sk record relative to start of file
croak 'Missing registry file' if !defined $regfile;
croak 'Missing offset' if !defined $offset;
if (defined(my $cache = $regfile->{_security_cache})) {
if (exists $cache->{$offset}) {
return $cache->{$offset};
}
}
my $fh = $regfile->get_filehandle;
# 0x00 dword = security length (negative = allocated)
# 0x04 word = 'sk' signature
# 0x08 dword = offset to previous sk
# 0x0c dword = offset to next sk
# 0x10 dword = ref count
# 0x14 dword = length of security descriptor
# 0x18 = start of security descriptor
# Extracted offsets are always relative to first hbin
sysseek($fh, $offset, 0);
my $bytes_read = sysread($fh, my $sk_header, SK_HEADER_LENGTH);
if ($bytes_read != SK_HEADER_LENGTH) {
warnf('Could not read security at 0x%x', $offset);
return;
}
my ($length,
$sig,
$offset_to_previous,
$offset_to_next,
$ref_count,
$sd_length,
) = unpack('Va2x2VVVV', $sk_header);
$offset_to_previous += OFFSET_TO_FIRST_HBIN
if $offset_to_previous != 0xffffffff;
$offset_to_next += OFFSET_TO_FIRST_HBIN
if $offset_to_next != 0xffffffff;
my $allocated = 0;
if ($length > 0x7fffffff) {
$allocated = 1;
$length = (0xffffffff - $length) + 1;
}
# allocated should be true
if ($sig ne 'sk') {
warnf('Invalid signature for security at 0x%x', $offset);
return;
}
$bytes_read = sysread($fh, my $sd_data, $sd_length);
if ($bytes_read != $sd_length) {
warnf('Could not read security descriptor for security at 0x%x',
$offset);
return;
}
my $sd = unpack_security_descriptor($sd_data);
if (!defined $sd) {
warnf('Invalid security descriptor for security at 0x%x',
$offset);
# Abandon security object if security descriptor is invalid
return;
}
my $self = {};
$self->{_regfile} = $regfile;
$self->{_offset} = $offset;
$self->{_length} = $length;
$self->{_allocated} = $allocated;
$self->{_tag} = $sig;
$self->{_offset_to_previous} = $offset_to_previous;
$self->{_offset_to_next} = $offset_to_next;
$self->{_ref_count} = $ref_count;
$self->{_security_descriptor_length} = $sd_length;
$self->{_security_descriptor} = $sd;
bless $self, $class;
if (defined(my $cache = $regfile->{_security_cache})) {
$cache->{$offset} = $self;
}
return $self;
}
sub get_previous {
my $self = shift;
my $regfile = $self->{_regfile};
my $offset_to_previous = $self->{_offset_to_previous};
return Parse::Win32Registry::WinNT::Security->new($regfile,
$offset_to_previous);
}
sub get_next {
my $self = shift;
my $regfile = $self->{_regfile};
my $offset_to_next = $self->{_offset_to_next};
return Parse::Win32Registry::WinNT::Security->new($regfile,
$offset_to_next);
}
sub get_reference_count {
my $self = shift;
return $self->{_ref_count};
}
sub get_security_descriptor {
my $self = shift;
return $self->{_security_descriptor};
}
sub as_string {
my $self = shift;
return '(security entry)';
}
sub parse_info {
my $self = shift;
my $info = sprintf '0x%x sk len=0x%x alloc=%d prev=0x%x,next=0x%x refs=%d',
$self->{_offset},
$self->{_length},
$self->{_allocated},
$self->{_offset_to_previous},
$self->{_offset_to_next},
$self->{_ref_count};
return $info;
}
1;
|